<?php
// SC_User
// Alex McClung
// October 22, 2007
// Data object for the SuperConstructor user system.
class SC_User extends SimpleDBO
{
	//===================================================================================
	// Constants
	protected $TYPE_ADMIN = "Administrator";
	protected $TYPE_USER  = "Content Editor";
	
	//===================================================================================
	// Private Variables
	protected $_dbo_table_name = "sc_users";  //!< Name of the table this class uses
	protected $_dbo_id_col     = "uid";       //!< Primary key column name
	
	//===================================================================================
	// Public Variables
	public $uid;       //!< uid: INT10 unsigned auto_increment Null(#NULL#) Default()
	public $username;  //!< username: VARCHAR(32)   Null(#NULL#) Default()
	public $password;  //!< password: VARCHAR(255)   Null(#NULL#) Default()
	public $name;      //!< Name: VARCHAR(50)
	public $email;     //!< email: VARCHAR(255)   Null(#NULL#) Default()
	public $type;      //!< type: ENUM(..?)   Null(#NULL#) Default()
	
	//===================================================================================
	// Public Functions
	
	//-----------------------------------------------------------------------------------
	// Class constructor
	public function __construct($id=NULL)
	{
		// Always let the superclass construct first
		SimpleDBO::__construct($id);
	}

	//-----------------------------------------------------------------------------------
	// Attempts to log a user in
	// $username	Username of the person trying to log in
	// $pw_enc		Pre-encrypted password
	// Returns:		TRUE if the login succeeded, FALSE if not
	public function LogIn($username, $pw_enc)
	{
		// Construct the query to lookup the user based on their login and the password they provided
		$query = "SELECT `{$this->_dbo_id_col}` FROM `{$this->_dbo_table_name}` WHERE username='" . $this->_dbo_sql->Escape($username) . "' AND password='" . $this->_dbo_sql->Escape($pw_enc) . "';";
		
		// If the query is successful and a row was returned, then a user is matched in the database.
		// In other words, if the query returns exactly one row, they've logged in.
		if($this->_dbo_sql->Query($query) && $this->_dbo_sql->NumRows() == 1)
		{
			$row = $this->_dbo_sql->GetObject($this->_dbo_result_id);
			$this->Get($row->{$this->_dbo_id_col});
			return true;
		}
		return false;
	}
	
	//-----------------------------------------------------------------------------------
	// Returns TRUE if the user is an administrator
	public function IsAdmin()
	{
		return $this->type == $this->TYPE_ADMIN;
	}

	
	//===================================================================================
	// Private Functions
	
	//===================================================================================
	// Public Overrides
	
	//-----------------------------------------------------------------------------------
	// Overridden get function. Removes the password string from memory (not the database)
	// for security purposes.
	public function Get($id)
	{
		SimpleDBO::Get($id);  // Use the superclass' method
		$this->password = ""; // Hide the password, since it's only used when the user logs in
	}
	
	//-----------------------------------------------------------------------------------
	// Overridden Insert() method; encripts $this->password (if nonempty) with md5
	public function Insert()
	{
		// Make sure they supplied a password
		if($this->password != "")
		{
			// Make sure they supplied two matching passwords
			if($this->password == $this->password_confirm)
			{
				// They've done everything correctly, go ahead and insert the user
				$this->password = md5($this->password);
				unset($this->password_confirm);
				return SimpleDBO::Insert();
			}
			else
			{
				MQ::Error("Passwords do not match.");
				unset($this->password, $this->password_confirm);
			}
		}
		else
		{
			MQ::Error("No password supplied for this user.");
		}
		return false;
	}
	
	//-----------------------------------------------------------------------------------
	// Overridden update; changes the password if $this->password has a value, otherwise
	// the password will remain the same.
	public function Update()
	{
		if($this->password != "")
		{
			// Make sure they typed it right twice
			if($this->password == $this->password_confirm)
			{
				$this->password = md5($this->password);
				MQ::OK("Updated user's password.");
			}
			else
			{
				MQ::Error("Supplied passwords do not match.");
				return false;
			}
		}
		else // Load the old (md5'd) password, so that when we call SimpleDBO::Update() below, it doesn't get waxed
		{
			$this->_dbo_sql->Query("SELECT `password` FROM `{$this->_dbo_table_name}` WHERE `{$this->_dbo_id_col}`='{$this->{$this->_dbo_id_col}}';");
			$row = $this->_dbo_sql->GetObject();
			$this->password = $row->password;
		}
		
		// Update the row
		$rc = SimpleDBO::Update();
		
		// Blank out the password before we return
		unset($this->password, $this->password_confirm);
		
		return $rc;
	}
}
?>